On February 3, 2024, this article was posted on Slashdot:

Ask Slashdot: Can You Roll Your Own Home Router?

I found this amusing for many reasons, but mostly because the performance of Linux as a cheap “roll your own” router is what helped bring it to prominence in the first place.

The Slashdot article and eggegick’s question are particularly anachronistic when you consider that what eggegick is asking for has been possible since the 1990s.

In 1997, the Linux Router Project (LRP) was born, with the design goal of fitting an entire router and firewall onto a single 1.44MB floppy disk. The idea was that you would dredge up some old hardware sitting around and doing nothing (like an old 386 or 486, common old hardware for the time), install a network card or two, and boot LRP from the floppy. Instantly the old PC would go from collecting dust to being a powerful firewall and router for your network.

The machine didn’t even need to have a functional hard drive since LRP operated entirely from ramdisk.

Linux Router Project booting from floppy

In the 100th issue of Linux Journal from August 2002, an article called “The Linux Router” explained how old consumer PC hardware stacked up financially against commercial offerings from Cisco:

The cost of building a good Linux router (based on a Pentium I, 200MHz MMX) […] is less than $100 US. […] The Cisco 2620 with a 50MHz Motorola Processor, 16MB Flash RAM and 40MB DRAM is more than $3,500 US.

But going back to the 1990s, it was an interesting intersection of a bunch of related events so far as the Internet was concerned:

  • IPv4 address exhaustion was recognized early as a problem for a rapidly growing Internet (RFC1338)

  • This problem was accelerated as multitudes of private networks from all walks of life (residential, commercial, governmental) were connected to the Internet.

  • NAT (known originally in Linux as IP Masquerading) was invented and shifted the Internet from an end-to-end network to one of segmented networks.

  • RFC1597 and later RFC1918 spelled out the rules for private IP addressing.

So, it’s little wonder that there was high demand for firewalls and routers. Linux fit the bill perfectly by offering a cheap way to introduce a high-quality router to any network.

Parallel to this, there were commercial products being developed. Most famously the PIX from Network Translation, Inc (now owned by Cisco and called the ASA) was and continues to be popular in the commercial space. The Serial Port has a fantastic video about this subject and you should definitely give it a watch.

Other commercial efforts involved exploiting Linux and the Linux Router Project for financial gain. Many of these were minimum-effort repackages, effectively stripping the LRP branding and slapping a corporate logo on it instead. When the Linux Router Project folded in 2003, Dave Cinege (LRP’s primary contributor) had some bitter words about the state of things:

My many contributions to the computing community has reaped very little personal benefit for myself. As I now struggle to pay the bills I can not help but feel quite pissed off at the state of affairs, for myself and the other authors who contributed massive amounts of time and quality work, only to have it whored by companies not willing to give back one dime to the people that actually created what it is they sell. Acknowledgement and referral would have at least been acceptable. Few companies do even that.

One of these companies that Cinege described was NetMaster Networking Solutions, a company from British Columbia which sold the Linux Router Project rebranded as Gateway Guardian.

Gateway Guardian booting up, look familiar?

In 1999 and 2000, NetMaster took Gateway Guardian on a tour of technical conferences and conventions, where they would give away “demo floppies” to show how you could convert an old PC to a powerful router or firewall. If you liked the demo (which was programmed to work for only about thirty minutes), you could buy a commercial license.

Gateway Guardian main menu showing evaluation license

A license for Gateway Guardian Personal Edition sold for $49 USD, and once someone purchased one, Gateway Guardian would check the license validity through /sbin/cipher. The key scheme was fairly simplistic - here’s a portion of the decompiled code for the /sbin/cipher binary:

ifcfg = popen("/sbin/ifconfig eth0 | grep HWaddr | cut -d \" \" -f 11", "r");
if (!ifcfg) {
  fprintf(stderr, "Could not execute ifconfig to retrieve MAC address\n");
  return 111;
}
fscanf(ifcfg, "%s", mac);
pclose(ifcfg);

edition = "per";

/* 144 == 3 * '0': the sum of the three digits at key[2], key[5] and key[8] */
edition_calculation = key[2] + key[5] + key[8] - 144;
if (edition_calculation == 15)
    edition = "pro";
else if (edition_calculation == 19)
    edition = "vpn";

sprintf(src, "%c%c%c%s", edition[2], edition[1], edition[0], mac);

sprintf(cmd, "%s %s | %s | %s -c %d-%d",
    "echo", src, "/usr/bin/md5sum", "cut", 14, 23
);
command = popen(cmd, "r");
if (!command) {
  fprintf(stderr, "Could not execute cipher check.\n");
  return 111;
}
fscanf(command, "%s", md5);
pclose(command);

md5[2] = key[2];
md5[5] = key[5];
md5[8] = key[8];

if (!strcmp(md5, key)) {
    if (edition_calculation == 19)
        return 213; /* vpn edition */
    if (edition_calculation == 15)
        return 212; /* pro edition */
    return 211; /* personal edition */
}

fprintf(stderr, "Registration key is invalid, or non-existant.\n");
fprintf(stderr, "Running in Personal Edition demo mode.\n");
return 111;

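In summary, the license key is a ten-character slice (characters 14 through 23) of the md5sum of the reversed edition tag followed by the MAC address of eth0, with the characters at positions 2, 5 and 8 replaced by digits that encode the licensed edition.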

Given how simple this is, it’s possible that a shell script compiler was used.

Notice also how the return values determine what edition was licensed. One could replace /sbin/cipher with a simple shell script that does “exit 213”, and Gateway Guardian would accept that as a valid VPN edition license.

That aside, writing a keygen in bash was easy enough:

echo -n "MAC Address: "
read mac

vpn="$(echo "npv${mac^^}" | md5sum | cut -b14-23)"
pro="$(echo "orp${mac^^}" | md5sum | cut -b14-23)"
per="$(echo "rep${mac^^}" | md5sum | cut -b14-23)"

echo "     VPN Edition: ${vpn:0:2}9${vpn:3:2}9${vpn:6:2}1${vpn:9}"
echo "     Pro Edition: ${pro:0:2}5${pro:3:2}5${pro:6:2}5${pro:9}"
echo "Personal Edition: ${per:0:2}0${per:3:2}0${per:6:2}0${per:9}"
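For contrast with the scheme above, where everything needed to compute a key ships inside the verifier, here is a check in which the device holds only a public key. This is an added example, not code from the original post or from NetMaster; the function names, the "edition-hexsignature" key format and the toy RSA key built from two Mersenne primes are assumptions made so it runs with the Python standard library alone (a real product would use a vetted library with Ed25519 or RSA-PSS).

```python
import hashlib

# Toy RSA key (assumption, illustration only): two Mersenne primes are
# trivially factorable, but they keep the example stdlib-only.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public half: all the device needs
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: stays with the vendor

EXIT_CODES = {"per": 211, "pro": 212, "vpn": 213}   # values from the page
DEMO_MODE = 111                                      # value from the page


def _digest(mac: str, edition: str) -> int:
    """Hash the fields the license binds together, reduced modulo N."""
    msg = f"{edition}|{mac.strip().upper()}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def issue_license(mac: str, edition: str) -> str:
    """Vendor side (hypothetical name): needs D, which never ships."""
    if edition not in EXIT_CODES:
        raise ValueError("unknown edition")
    return f"{edition}-{pow(_digest(mac, edition), D, N):x}"


def verify_license(mac: str, license_key: str) -> int:
    """Device side (hypothetical name): uses only (N, E)."""
    edition, _, sig_hex = license_key.partition("-")
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return DEMO_MODE                 # missing or malformed signature
    if edition not in EXIT_CODES or not 0 < sig < N:
        return DEMO_MODE
    # The edition is part of the signed message, so it cannot be swapped
    # the way the digits at key[2], key[5] and key[8] can.
    if pow(sig, E, N) != _digest(mac, edition):
        return DEMO_MODE
    return EXIT_CODES[edition]
```

A signature removes only the keygen path. As long as the caller trusts whatever exit status /sbin/cipher returns, replacing the binary still works.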

But returning to Slashdot and our friend eggegick and their options - we’re spoiled for choice. These days it’s pretty simple to install any distribution and use it as a router/firewall. VyOS is an excellent choice for something more appliance-like. DD-WRT and OpenWrt are also good. There’s never been a better time to dive in.

For those wanting to live a little like it’s the 1990s, you can download the floppy image for Gateway Guardian here. I also have an image for LRP 2.9.8 available here.